Hackers spent much of 2012 laying the groundwork for what they have in store for not only big business and strategic government and military targets, but consumers as well in 2013.
Security researchers who spend their days buried in code trying to analyze malware and attack patterns, see a continued escalation of the cat-and-mouse game between cybercriminals, nation-state sponsored hackers and those paid to defend business and consumer networks from these fluid threats. Hackers are expected to continue to exploit not only new avenues of attack, but abuse foundational Internet- and network-based technologies to steal corporate and political data, as well as personal and payment card data at the core of identity theft scams.
In other words, more of the same—only worse. Kaspersky Lab malware and security researchers have looked back at the past year and also sat down to think about what the next year holds for security, and the results are quite interesting.
The stakes are about to get higher, as experts learn more about the malware used in precise, targeted attacks against companies or government agencies. The U.S. government has already declared cyberspace a critical asset, and is working on formal rules of engagement should critical resources in this country be attacked.
On the offensive side, malware such as Stuxnet, Flame, Duqu and Gauss have already been linked to governments targeting nations in the Middle East such as Iran, Syria and Lebanon. Researchers at Kaspersky Lab published extensive research on Flame, Duqu and Gauss in 2012, sharing intimate details about each of these espionage weapons and how they avoided detection for up to five years, in the case of Flame. More nations are expected to join the ranks of China, the U.S., Israel, Iran and others in 2013 in developing code that can be used to spy on adversaries or attack industry to level economic-based attacks against other countries.
Kaspersky researchers expect also that surveillance tools will emerge and evolve next year to be used not only against strategic targets, but even individuals, bringing civil liberties and privacy concerns to the fore.
Targeted attacks are not limited to nation states; politically motivated hackers known as hacktivists made a splash in 2012 with high-profile attacks against banks in the U.S., government and corporate targets as well. Groups such as Anonymous continue to splinter, and continue to leak data in order to embarrass their targets or make a political or social statement.
Cybercriminals are not going away any time soon either. Attackers are also expected to ramp up their efforts around scareware and ransomware, malicious code that holds computers virtually hostage and extorts a ransom from the victim to get their machines or data back. Hackers are also placing greater value in stealing legitimate credentials to gain greater access to data assets.
What 2012 has shown is the strong inclination of cybercriminals to steal data from all devices used by consumers and businesses, be it a PC, Mac, smartphone or tablet. This is one of the most important trends of 2012. We are also observing a strong increase in the overall number of threats, affecting all popular software environments
Data has infinite value, especially in the underground and hackers are finding innovative ways to exploit vulnerabilities not only in tried and true vectors such as Windows desktops, but now have expanded that to mobile platforms, Android in particular, and desktop applications and browser plug-ins that are ubiquitous on all computing platforms.
During the second half of 2012 alone, a rash of zero-day vulnerabilities were discovered on the Java platform threatening the security model of that platform, as well as providing hackers with a way onto corporate networks and consumer endpoints. Adobe products such as Reader and Flash, downloaded on nearly every Windows and Apple endpoint, have been prime picking for hackers, who exploited gaping holes in it 2012 to access high-value targets inside corporations as well using it as a means to build consumer-machine-based botnets to launch spam and phishing campaigns.
“What 2012 has shown is the strong inclination of cybercriminals to steal data from all devices used by consumers and businesses, be it a PC, Mac, smartphone or tablet. This is one of the most important trends of 2012. We are also observing a strong increase in the overall number of threats, affecting all popular software environments,” said Costin Raiu, director of Kaspersky’s Global Research and Analysis Team.
Apple’s OS X platform, once thought safe from attackers, was targeted with the dangerous Flashback Trojan in 2012 that infected more than 600,000 machines. As OS X gains more penetration on both the business and consumer end, experts predict more attacks against the platform.
The cloud could be ripe hunting ground in 2013 as more businesses and consumers send critical data to third party service providers. The security of those relationships has to be evaluated closely as more people choose the convenience and cost efficiency of the cloud over security as a first consideration. Hackers too, can use the seemingly limitless computing power of the cloud to launch attacks, host spam and phishing campaigns and to steal data stored online.
Finally, trust eroded significantly in 2012. Not only when it came to privacy, but trust in fundamental Internet infrastructure such as SSL and digital certificates. Certificate authorities have been prime targets for attack, in particular, as hackers have used stolen certificates to sign malware or redirect legitimate traffic to sites hosting malware. Expect more focus on such initiatives as DNSSEC, SSL security and alternatives that can maintain the trust businesses and consumers have in using the Internet as a platform for ecommerce.
In the coming year, Kaspersky researchers expect the volume of targeted attacks to continue to climb and predict that government-sponsored surveillance tools will continue their evolution, a process that began several years ago and has progressed by leaps and bounds recently. Also, they expect to see attackers using software vulnerabilities in mobile platforms to perform invisible “drive-by download” attacks against smartphones and tablets. This is a natural extension of the techniques they’ve used for years on the desktop.